package com.base.boot.demo.controller;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import javax.servlet.http.HttpServletRequest;

@RestController
@RequestMapping("/security")
public class SecurityDemoController {

    @RequestMapping("/admin")
    public String adminFunc() {
        System.out.println("adminFunc");
        return "adminFunc";
    }

    @RequestMapping("/user")
    public String userFunc() {
        System.out.println("userFunc");
        return "userFunc";
    }

    @RequestMapping("userInfo")
    @PreAuthorize("hasAnyRole('admin') or hasAnyAuthority('admin_delegate')")
    public String userInfo(HttpServletRequest servletRequest) {
        UserDetails userDetails = (UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        return userDetails.toString();
    }
}
